WPA2 security patch

Anonymous · ‎Oct 23, 2017

Recently, most of our buyers are worried about WPA2 security problem.

So can you please let us know the following?

1. Do you have a patch for WPA2 security issue?

2. If not, then do you have a plan when you will be able to provide?

3. If yes, then is is possible to get a patch which can be applied to SDK2.4,1?

Thank you for your help.

MichaelF_56 · ‎Oct 23, 2017

What we have has been posted here: Security Bulletins

AxLi_1746341 · ‎Oct 23, 2017

mifo wrote:
What we have has been posted here: Security Bulletins

If my understanding is correct, that "wpa_supplicant patches" is nothing to

do with WICED SDK.

MichaelF_56 · ‎Oct 23, 2017

Correct. Related to the Linux based SW package. The same changes will be released as part of the upcoming WICED Studio SDK release.

Anonymous · ‎Oct 24, 2017

Our application is for WiFi AP.

In my understanding, the KRACK is related to hacking only when a device is connected to the AP.

So the patches are all for the client not for AP?

MichaelF_56 · ‎Oct 24, 2017

From the first KRACK document here Security Bulletin: KRACK attack against implementations of Wi-Fi WPA2 security

GROUP 3:

CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088

CVE-2017-13082 describes a vulnerability in Access Points (APs) that implement the FT reassociation requests associated with 802.11r. The other CVEs describe vulnerabilities in station devices that implement the PeerKey handshake and other specific wireless network management exchanges.

Cypress chipsets and current software releases are not affected by these CVEs.

Our patches are only for the Client (station), not the AP.